PRIVACY PRACTICES

Premier Dermatology PLLC

Effective Date: December 20, 2021

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED OR DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER:

Teresa Tucker

479.273.3376


Section A: Who Will Follow This Notice?

This Notice describes Premier Dermatology (hereafter referred to as ‘Provider’) Privacy Practices and that of:

Any workforce member authorized to create medical information referred to as Protected Health Information (PHI) which may be used for purposes such as Treatment, Payment and Healthcare Operations. These workforce members may include:

  • All departments and units of the Provider.
  • Any member of a volunteer group.
  • All employees, staff, and other Provider personnel.
  • Any entity providing services under the Provider's direction and control will follow the terms of this notice. In addition, these entities, sites, and locations may share medical information with each other for Treatment, Payment or Healthcare Operational purposes described in this Notice

 

Section B: Our Pledge Regarding Medical Information

We understand that medical information about you and your health is personal. We are committed to protecting medical information about you. We create a record of the care and services you receive at the Provider. We need this record to provide you with quality care and to comply with certain legal requirements. This Notice applies to all the records of your care generated or maintained by the Provider, whether made by Provider personnel or your personal doctor.  


This Notice will tell you about the ways in which we may access, disclose, and exchange medical information about you. We also describe your rights and certain obligations we have regarding the use and disclosure of medical information.

We are required by law to:

  • Make sure that medical information that identifies you is kept private;
  • Make easily available to you this Notice of our legal duties and privacy practices with respect to medical information about you; and
  • Follow the terms of the Notice that is currently in effect.

 

Section C: How We May Use and Disclose Medical Information About You

The following categories describe different ways that we use and disclose medical information. For each category of uses or disclosures we will explain what we mean and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.

  • Treatment. We may use medical information about you to provide you with medical treatment or services. We may disclose medical information about you to doctors, nurses, technicians, health care students, or other Provider personnel who are involved in taking care of you at the Provider. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to tell the dietitian if you have diabetes so that we can arrange for appropriate meals. Different departments of the Provider also may share medical information about you in order to coordinate the different things you need, such as prescriptions, lab work and x-rays. We also may disclose medical information about you to people outside the Provider who may be involved in your medical care after you leave the Provider, such as family members, clergy, or others we use to provide services that are part of your care.
  • Payment. We may use and disclose medical information about you so that the treatment and services you receive at the Provider may be billed to and payment may be collected from you, an insurance company or a third party. For example, we may need to give your health plan information about surgery you received at the Provider so your health plan will pay us or reimburse you for the surgery. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
  • Healthcare Operations. We may use and disclose medical information about you for Provider operations. These uses and disclosures are necessary to run the Provider and make sure that all of our patients receive quality care. For example, we may use medical information to review our treatment and services and to evaluate the performance of our staff in caring for you. We may also combine medical information about many Provider patients to decide what additional services the Provider should offer, what services are not needed, and whether certain new treatments are effective. We may also disclose information to doctors, nurses, technicians, health care students, and other Provider personnel for review and learning purposes. We may also combine the medical information we have with medical information from other Providers to compare how we are doing and see where we can make improvements in the care and services we offer. We may remove information that identifies you from this set of medical information so others may use it to study health care and health care delivery without learning a patient's identity.
  • Appointment Reminders. We may use and disclose medical information to contact you as a reminder that you have an appointment for treatment or medical care at the Provider.
  • Treatment Alternatives. We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.
  • Health & Related Benefits and Services. We may use and disclose medical information to tell you about health & related benefits or services that may be of interest to you.
  • Fundraising Activities. If we intend to use your medical information for fund-raising purposes, we will inform you of such intent and that you have a right to opt out of receiving fundraising communications. We may use information about you to contact you in an effort to raise money for the Provider and its operations. We may disclose information to a foundation related to the Provider so that the foundation may contact you into raising money for the Provider. We only would release only contact information, such as your name, address and phone number and the dates you received treatment or services at the Provider. If you do not want the Provider to contact you for fundraising efforts, you must notify us in writing. You will be given the opportunity to ‘opt-out’ of these communications.
  • Authorizations Required. We will not use your protected health information for any purposes not specifically allowed by Federal or State laws or regulations without your written authorization; Specifically, the following types of uses and disclosures of your medical information require an authorization; 1) disclosure of psychotherapy notes; 2) disclosures for marketing purposes; and 3) disclosures that constitute a sale of protected health information. Other uses and disclosures not described in the NPP will not be made unless an individual provides an authorization and that authorizations may be revoked prospectively at any time by written revocation.
  • Emergencies. We may use or disclose your medical information if you need emergency treatment or if we are required by law to treat you but are unable to obtain your consent. If this happens, we will try to obtain your consent as soon as we reasonably can after we treat you.
  • Communication Barriers. We may use and disclose your health information if we are unable to obtain your consent because of substantial communication barriers, and we believe you would want us to treat you if we could communicate with you.
  • Facility Directory. We may include certain limited information about you in the Facility Directory while you are a patient of the Provider. This information may include your name, location in the Provider, your general condition (e.g., fair, stable, etc.) and your religious affiliation. The Provider Directory information, except for your religious affiliation, may also be released to people who ask for you by name. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they do not ask for you by name. This is so your family, friends and clergy can visit you in the Provider and generally know how you are doing. You may Opt-out of this Directory by providing a written request at the time of admission or registration.
  • Individuals Involved in Your Care or Payment for Your Care. We may release medical information about you to a friend or family member who is involved in your medical care, and we may also give information to someone who helps pay for your care, unless you object and ask us not to provide this information to specific individuals, in writing.   In addition, we may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status, and location.
  • Research. Under certain circumstances, we may use and disclose medical information about you for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another, for the same condition. All research projects, however, are subject to a special approval process. This process evaluates a proposed research project and its use of medical information, trying to balance the research needs with patients' need for privacy of their medical information. Before we use or disclose medical information for research, the project will have been approved through this research approval process, but we may, however, disclose medical information about you to people preparing to conduct a research project, for example, to help them look for patients with specific medical needs, so long as the medical information they review does not leave the Provider. We will almost always generally ask for your specific permission if the researcher will have access to your name, address or other information that reveals who you are, or will be involved in your care at the Provider.
  • As Required by Law. We will disclose medical information about you when required to do so by federal, state, or local law.
  • To Avert a Serious Threat to Health or Safety. We may use and disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
  • E-mail Use. E-mail will only be used for communications with you following this organization’s current policies and practices and with your permission. The use of secured, encrypted e-mail is encouraged.
  • Notice of Privacy Practices (NPP) Distribution. The Privacy Rule requires a covered entity that maintains a web site providing information about the covered entity’s services or benefits to prominently post its NPP on its web site.

When we first deliver health care service to an individual electronically, such as through e-mail, or over the Internet, we may send an electronic NPP automatically and contemporaneously in response to the individual’s request for service.

We may e-mail an NPP to an individual if the individual agrees to receive an electronic NPP (although the individual always retains the right to receive a paper copy of the NPP upon request).

We will make the latest notice (i.e., the one that reflects any changes in privacy policies) available at our office or facility for individuals to request to take with them and post it in a clear and prominent location at the facility.

 

Section D: Special Situations 

  • Organ and Tissue Donation. If you are an organ donor, we may release medical information to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
  • Military and Veterans. If you are a member of the armed forces, we may release medical information about you as required by military command authorities. We may also release medical information about foreign military personnel to the appropriate foreign military authority.
  • Workers' Compensation. We may release medical information about you for workers' compensation or similar programs.
  • Public Health Risks. We may disclose medical information about you for public health activities. These activities generally include the following:
    • to prevent or control disease, injury or disability;
    • to report births and deaths;
    • to report child abuse or neglect;
    • to report reactions to medications or problems with products;
    • to notify people of recalls of products they may be using;
    • to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and
    • to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
  • Health Oversight Activities. We may disclose medical information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
  • Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
  • Law Enforcement. We may release medical information if asked to do so by a law enforcement official:
    • in response to a court order, subpoena, warrant, summons or similar process;
    • to identify or locate a suspect, fugitive, material witness, or missing person;
    • about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person's agreement;
    • about a death we believe may be the result of criminal conduct;
    • about criminal conduct at the Provider; and
    • in emergency circumstances, to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
  • Coroners, Medical Examiners and Funeral Directors. We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients of the Provider to funeral directors as necessary to carry out their duties.
  • National Security and Intelligence Activities. We may release medical information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
  • Protective Services for the President and Others. We may disclose medical information about you to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations.
  • Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official. This release would be necessary for the institution to provide you with health care, to protect your health and safety or the health and safety of others, or for the safety and security of the correctional institution.

 

Section E: Your Rights Regarding Medical Information About You

You have the following rights regarding medical information we maintain about you:

  • Right to Access, Inspect, Copy and Direct Copies to be Sent. You have the right to access and inspect or have copies of your record of the medical information that may be used to make decisions about your care, with a few exceptions.  Copies may be requested for yourself, or you may opt to have them sent to any party you wish. Such access, inspection or copies will be provided to you in a timely manner, typically not more than 30 days after you make the request. Usually, this includes medical and billing records, but may not include psychotherapy notes.
  • If we maintain your information electronically you may request a copy of your records via a mutually agreed upon electronic format. If we fail to agree upon an electronic format for delivery of electronic copies, we will provide you with a paper copy for your records. This organization will comply with all Health Information Portability and Accountability Act (HIPAA) and 21st Century Cures Act rules. These rules assist our patients and their personal representatives with access, disclosure and exchange of their electronic health information.
  • If you request a copy of the information in either paper or electronic format, we may charge a fee for the costs of copying, mailing or other supplies associated with your request, although electronic requests initiated by the patient or their personal representative, typically through our Patient Portal myPatientVisit will not incur any expenses for receiving their electronic health information. Fee schedules for record copies are published and available to the public. 
  • We may deny your request to provide access to inspect and copy medical information in certain very limited circumstances. If you are denied access to medical information, in some cases, you may request that the denial be reviewed. Another licensed health care professional chosen by the Provider will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
  • Right to Amend. If you feel that medical information, we have about you is incorrect or incomplete, you may request us to amend the information. You have the right to request an amendment for as long as the information is kept by or for the Provider. In addition, you must provide a reason that supports your request.
  • We may deny your request for an amendment if; it is not in writing or does not include a reason to support the request or for other reasons. Typical reasons for denial of an amendment request include if you ask us to amend information that:
    • Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
    • Is not part of the medical information kept by or for the Provider;
    • Is not part of the information which you would be permitted to inspect and copy; or
    • Is accurate and complete.
  • Right to an Accounting of Disclosures. You have the right to request an ‘Accounting of Disclosures’. This is a list of the disclosures we made of medical information about you. Your request must state a time period which may not be longer than six years and may not include dates before April 14, 2003. Your request should indicate in what form you want the list (for example, on paper or electronically, if available). The first list you request within a 12-month period will be complimentary. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
  • Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment, or healthcare operations. We require that any requests for use or disclosure of medical information be made in writing. In some cases we are not required to agree to these requests, however if we do agree to them we will abide by these restrictions. We will always notify you of our decisions regarding restriction requests in writing.  

You have the right to request, in writing, a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery you had. In your request, you must tell us what information you want to limit, whether you want to limit our use, disclosure or both, and to whom you want the limits to apply, for example, disclosures to your spouse.

You also have the right, which we may not refuse (except as listed below), to restrict use and disclosure of your medical information about a service or item for which you have paid completely out of pocket, for payment (e.g.,  your insurance company) and operational (but not treatment) purposes, if you have completely paid your bill for this item or service. We are not required to accept your request for this type of restriction until you have completely paid your bill (zero balance) for this item or service or if the request is contrary to any law. We are not required to notify other healthcare providers of these types of restrictions, that is your responsibility.

  • Right to Receive Notice of a Breach. We are required to notify you under the HIPAA rules by first class mail or by e-mail (if we offered and you have indicated a preference to receive information by e-mail), of any breaches of Unsecured Protected Health Information as soon as possible, but in any event, no later than 60 days following the discovery of “Unsecured Protected Health Information” is information that is not secured through the use of a technology or methodology identified by the Secretary of the U.S. Department of Health and Human Services to render the Protected Health Information unusable, unreadable, and undecipherable to unauthorized users.
  • Arkansas State Breach Notification Rule: Entities covered: Any person or business that acquires, owns, or licenses computerized data that includes personal information” of Arkansas residents. (§4-110-105(a). Data Covered: “[A]n individual’s first name or first initial and his or her last name in combination with any one (1) or more of the following data elements, when either the name or the data element is not encrypted or redacted: (A) Social security number; (B) Driver’s license number or Arkansas identification card number; (C) Account number, credit card number, or debit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account; and (D) Medical information.*” (§4-110-103(7))

* Medical information is defined as “any individually identifiable information, in electronic or physical form, regarding the individual’s medical history or medical treatment or diagnosis by a health care professional.” (§4-110-103(5))

  • The notice is required to include the following information:
    • a brief description of the breach, including the date of the breach and the date of its discovery, if known;
    • a description of the type of Unsecured Protected Health Information involved in the breach;
    • steps you should take to protect yourself from potential harm resulting from the breach;
    • a brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches;
    • contact information, including a toll-free telephone number, e-mail address, Web site or postal address to permit you to ask questions or obtain additional information.

In the event the breach involves 10 or more patients whose contact information is out of date we will post a notice of the breach on the home page of our Web site or in a major print or broadcast media. If the breach involves more than 500 patients in the state or jurisdiction, we will send notices to prominent media outlets. If the breach involves more than 500 patients, we are required to immediately notify the Secretary of HHS. We also are required to submit an annual report to the Secretary of a breach that involved less than 500 patients during the year and will maintain a written log of breaches involving less than 500 patients. We will report breaches of over 1000 patients to credit monitoring agencies as required by FIPA. 

  • Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or hard copy or e-mail. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
  • Right to a Paper Copy of This Notice. You have the right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. Even if you have agreed to receive this Notice electronically, you are still entitled to a paper copy of this Notice. You may obtain a copy of this Notice at our website. To exercise the above rights, please contact Teresa Tucker, HIPAA privacy and security officer to obtain a copy of the relevant form you will need to complete to make your request.

 

Section F: Changes to This Notice

We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for medical information we already have about you as well as any information we receive in the future. We will post a copy of the current Notice. The Notice will contain on the first page, in the top right-hand corner, the effective date. In addition, each time you register at or are admitted to the Provider for treatment or health care services as an inpatient or outpatient, we will offer you a copy of the current Notice in effect.


Section G: Complaints

If you believe your privacy rights have been violated, you may file a complaint with the Provider or with the Secretary of the Department of Health and Human Services; http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html

To file a complaint with the Provider, contact the individual listed on the first page of this Notice. All complaints must be submitted in writing. You will not be penalized for filing a complaint.

If you believe you have been subject to information blocking you may file a complaint with the office of the Inspector General (OIG) at the following web address:

https://inquiry.healthit.gov/support/plugins/servlet/desk/portal/6

Section H: Other Uses of Medical Information

Other uses and disclosures of medical information not covered by this Notice or the laws that apply to us will be made only with your written permission. If you provide us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you.

Notice Informing Individuals About Nondiscrimination and Accessibility Requirements and Nondiscrimination Statement:

  • Discrimination is Against the Law
  • Premier Dermatology complies with applicable Federal civil rights laws and does not discriminate on the basis of race, color, national origin, age, disability, or sex. Premier Dermatology does not exclude people or treat them differently because of race, color, national origin, age, disability, or sex.

Premier Dermatology provides free aids and services to people with disabilities to communicate effectively with us, such as:

  • Qualified sign language interpreters
  • Written information in other formats (large print, audio, accessible electronic formats, other formats)

Premier Dermatology provides free language services to people whose primary language is not English, such as:

  • Qualified interpreters
  • Information written in other languages

If you need these services, please contact the front office manager Chrissie Patterson or the HIPAA officer for the practice, Teresa Tucker. Both can be reached at the general office number 479-273-3376.

If you believe that Premier Dermatology has failed to provide these services or discriminated in another way on the basis of race, color, national origin, age, disability, or sex, you can file a civil rights complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, electronically through the Office for Civil Rights Complaint Portal, available at https://ocrportal.hhs.gov/ocr/portal/lobby.jsf, or by mail or phone at:

U.S. Department of Health and Human Services

200 Independence Avenue, SW

Room 509F, HHH Building

Washington, D.C. 20201

1-800-368-1019, 800-537-7697 (TDD)

Complaint forms are available at http://www.hhs.gov/ocr/office/file/index.html.